Two pfSense boxes, one acting OpenVPN server, same subnet. Can't talk to second



  • I have two pfSense boxes that I'm currently in the processes of configuring.

    They are both connected to the same LAN subnet, and both have static IPs. Only one (#1) is performing DHCP. I am eventually going to CARP them for redundancy. Anyways, here is the problem.

    My OpenVPN tunnel works great! I can connect, and ping around my network and access my switches and #1 pfSense box. However, I can't talk to my #2 pfSense box over the tunnel. However, all other devices CAN ping the second box locally. Oh, I also ran http://en.wikipedia.org/wiki/Links_(web_browser) on #1 and I can get into the webConfig on #2. But I would like to get to it through the openvpn tunnel. Any suggestions?

    what is odd is that I see no BLOCK firewall logs on the second box.



  • #2 will not know a route back to the OpenVPN tunnel network. Your ping will have a source IP of the client end of the OpenVPN tunnel to #1. #2 has to turn that around and send a reply back. The reply will be going out #2's WAN (its default route) and will then get dropped by the ISP router (which won't know how to route your tunnel private IP).
    #2 will need a route added to tell it that the OpenVPN tunnel network is reached via the LAN IP of #1.



  • yes, one of the parallel threads here gives the answer already TODAY (search function is right upper; makes always sense to use it before posting ;))

    http://doc.pfsense.org/index.php/CARP_Secondary_Unreachable_Over_VPN


Log in to reply